Search Results

Search found 3310 results on 133 pages for 'policy compliance'.

Page 88/133 | < Previous Page | 84 85 86 87 88 89 90 91 92 93 94 95 | Next Page >

When RDP as a Domain User, Smart Card Requested

- by Paul

My W8 machine is connected to domain zen. If I rdp to the W8 machine, I can log in as a local user without problems. If I try to log in as a domain user, I am prompted for a smart card instead of a password. Any ideas why? Note that Interactive login: require smart card is disabled in group policy: And here is the output from rsop.msc: Some additional information on this one. If my connecting machine is on the same domain/network as the W8 machine, then I am prompted for a password as usual. If the machine is remote, on a different domain, then I am prompted for a smart card. In addition, the machine I am connecting from that gets the smartcard prompt is an XP box. I haven't isolated exactly which of these factors triggers the different response.

Read the article
Centrally manage Windows 7 computers without Active Directory

- by Sean W.

I manage three Windows PCs at home using the principle of least privilege. This means that practically every other day when a new version of Java is released, I have to manually install the update using my administrative credentials on each machine. This is starting to become more work than I had expected. I would love to set up an active directory domain at home, but Microsoft has discontinued Windows home server; its replacement, Windows server 2012 essentials is much more expensive (about $500). Are there any free (preferably as in speech) that would allow me to centrally manage the software installed on each machine in a manner similar to that of active directory? I'd also like to find a way to centrally manage security settings, but I doubt there's an equivalent of group policy. Samba 4 would be an ideal solution, but according to its own developers, it is not yet stable enough for production use.

Read the article
It's possible to use google smtp for sending email from my server?

- by Magnetic_dud

Well, I am becoming crazy to let my email deliver to gmail/hotmail from my new ip. Last year, i had no problems with my past ip, but now my emails go straight to the spam folder of gmail and hotmail. I checked with mxtoolbox.com and i am not blacklisted, not an open proxy, rdns is configured the right way, SPF policy is present on the DNS. My spf is v=spf1 a mx ~all But, still, I am filtered. So, I am wondering: since gmail does not accept my emails, it's possible to use gmail smtp server to deliver all mails from my server? AFAIK, it will change all the "from" address, but maybe there is a way to not let it happen?

Read the article
Limit a process's relative (not absolute) processor consumption in Linux

- by BobBanana

What is the standard way in Linux to enforce a system policy to limit the relative CPU use of a single process? That is, on a quad-core machine, I never want a process to use more than 2 CPUs at once, even if the process creates more threads. I do not want an absolute time limit, just a relative limit so that one task cannot dominate the machine. This is also different than renice, which allows a process to use all the resources but just politely step aside if others need them too. ulimit is the usual resource limiting tool, but it does not allow such CPU restrictions.. it can limit the number of processes per user, or absolute CPU time, not restrict the maximum number of active threads of a single process. I've found a couple of user-level tools, like CPUlimit, but not a system level tool or setting. Does such a standard resource controller exist in Linux (Red Hat Enterprise, if it matters.) If there is such a limit imposed, how would a user identify it?

Read the article
OpenOffice Vs Microsoft Office 2007/2010

- by Moody Tech

I have been asked to summarise the pros and cons in connection with the choices between Microsoft Office Vs OpenOffice. I have a broad idea of what needs to be said. However I would like to open a discussion here and have a single place to go to when the time comes to give the summary to management. There are obvious points of contention: For me the lack of compliance with Group Policy is a major concern [Default save location/visibility of C:/Visibility of files and folders on the HDD] However I am sure that functionality and compatibility will be the prime mover. We are looking at making major savings by reducing our commitment to Microsoft licensing. So what are your experiences? What happens when there are no direct equivalents? [Word has a close match in OpenOffice, but a database solution match is not as close, neither is an Outlook [connecting to Exchange Server and downloading all calendars, shared calendars, scheduled events, for Exchange will still exist after the move to OpenSource solutions] In summary then: What do you see as: The benefits of this plan? How do you see the problems being manifest? Discuss.... Many thanks.

Read the article
Packets marked INVALID in FORWARD rule

- by Raphink

I have a firewall that has 3 IP aliases on 1 physical interface. Packets get dropped between these 3 interfaces (either ICMP, HTTP, or anything else). We tracked it down to these packets being marked INVALID in the FORWARD rule and dropped due to the this rule: chain FORWARD { policy DROP; # connection tracking mod state state INVALID LOG log-prefix 'INVALID FORWARD DROP: '; mod state state INVALID DROP; mod state state (ESTABLISHED RELATED) ACCEPT; } (That is, we see the INVALID FORWARD DROP logs in dmesg) What could be causing this?

Read the article
ASA 5540 v8.4(3) vpn to ASA 5505 v8.2(5), tunnel up but I cant ping from 5505 to IP on other side

- by user223833

I am having problems pinging from a 5505(remote) to IP 10.160.70.10 in the network behind the 5540(HQ side). 5505 inside IP: 10.56.0.1 Out: 71.43.109.226 5540 Inside: 10.1.0.8 out: 64.129.214.27 I Can ping from 5540 to 5505 inside 10.56.0.1. I also ran ASDM packet tracer in both directions, it is ok from 5540 to 5505, but drops the packet from 5505 to 5540. It gets through the ACL and dies at the NAT. Here is the 5505 config, I am sure it is something simple I am missing. ASA Version 8.2(5) ! hostname ASA-CITYSOUTHDEPOT domain-name rngint.net names ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! interface Vlan1 nameif inside security-level 100 ip address 10.56.0.1 255.255.0.0 ! interface Vlan2 nameif outside security-level 0 ip address 71.43.109.226 255.255.255.252 ! banner motd ***ASA-CITYSOUTHDEPOT*** banner asdm CITY SOUTH DEPOT ASA5505 ftp mode passive clock timezone EST -5 clock summer-time EDT recurring dns server-group DefaultDNS domain-name rngint.net access-list outside_1_cryptomap extended permit ip host 71.43.109.226 host 10.1.0.125 access-list outside_1_cryptomap extended permit ip 10.56.0.0 255.255.0.0 10.0.0.0 255.0.0.0 access-list outside_1_cryptomap extended permit ip 10.56.0.0 255.255.0.0 10.106.70.0 255.255.255.0 access-list outside_1_cryptomap extended permit ip 10.56.0.0 255.255.0.0 10.106.130.0 255.255.255.0 access-list outside_1_cryptomap extended permit ip host 71.43.109.226 host 10.160.70.10 access-list inside_nat0_outbound extended permit ip host 71.43.109.226 host 10.1.0.125 access-list inside_nat0_outbound extended permit ip 10.56.0.0 255.255.0.0 10.0.0.0 255.0.0.0 access-list inside_nat0_outbound extended permit ip 10.56.0.0 255.255.0.0 10.106.130.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip 10.56.0.0 255.255.0.0 10.106.70.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip host 71.43.109.226 10.106.70.0 255.255.255.0 pager lines 24 logging enable logging buffer-size 25000 logging buffered informational logging asdm warnings mtu inside 1500 mtu outside 1500 icmp unreachable rate-limit 1 burst-size 1 icmp permit any inside no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 route outside 0.0.0.0 0.0.0.0 71.43.109.225 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy aaa-server TACACS+ protocol tacacs+ aaa-server TACACS+ (inside) host 10.106.70.36 key ***** aaa authentication http console LOCAL aaa authentication ssh console LOCAL aaa authorization exec authentication-server http server enable http 192.168.1.0 255.255.255.0 inside http 10.0.0.0 255.0.0.0 inside http 0.0.0.0 0.0.0.0 outside snmp-server host inside 10.106.70.7 community ***** no snmp-server location no snmp-server contact snmp-server community ***** snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto map outside_map 1 match address outside_1_cryptomap crypto map outside_map 1 set pfs group1 crypto map outside_map 1 set peer 64.129.214.27 crypto map outside_map 1 set transform-set ESP-3DES-SHA crypto map outside_map interface outside crypto isakmp enable outside crypto isakmp policy 1 authentication pre-share encryption des hash md5 group 2 lifetime 86400 telnet timeout 5 ssh 10.0.0.0 255.0.0.0 inside ssh 0.0.0.0 0.0.0.0 outside ssh timeout 5 console timeout 0 management-access inside dhcpd auto_config outside ! dhcpd address 10.56.0.100-10.56.0.121 inside dhcpd dns 10.1.0.125 interface inside dhcpd auto_config outside interface inside ! dhcprelay server 10.1.0.125 outside dhcprelay enable inside dhcprelay setroute inside dhcprelay timeout 60 threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept tftp-server inside 10.1.1.25 CITYSOUTHDEPOT-ASA-Confg webvpn tunnel-group 64.129.214.27 type ipsec-l2l tunnel-group 64.129.214.27 ipsec-attributes pre-shared-key ***** ! ! prompt hostname context

Read the article
How can I restrict my mates to stop downloading?

- by user239295

We are sharing an internet broadband connection with 6 users at a place we live. We get 20 gb fup ( Fair usage policy) with 2 mbps speed from the ISP after the 20 gb is consumed the speed comes down to 512 kbps very difficult to browse any page. The problem is we cannot track which user/mate is downloading and ending the FUP. it is very difficult to track so is there something that we can allot per user some amount of space like 2 gb of downloading or restrict all from downloading so that we can utilize all the fup till the end of the month. We are using this connection as wifi configured. A adsl router is configured as wifi and we all using all 6 laptops. No PC. Any help would be appreciated. I apologize if i am not clear with my question.

Read the article
Proxy Server suggestions

- by Jon Menefee

Here is the question I have that hopefully is not too general of a question. I have a network with approximately 25 PC's, 3 servers and 25 IP cameras. I have a firewall already on the network and it works fine for what I need, but my client is asking me if there is a way to put a Proxy server on the network to monitor where his employees are going when they surf the Internet. He is not wanting to block them (at least not thru the Proxy server), but he wants to make sure that they arent going to sites that would compromise the networked PCs. I have looked at TMG and it is a little more than what I want. I hesitate adding another firewall to the system because of the security cameras that are presently on the network (IP Cameras). I just want to put a policy in AD that would make certain Users (or Computers) use a Proxy server. Any suggestions on a good proxy server are welcome. Thank you

Read the article
How can I automate or script daily downloads for any new anti- virus databases, and then have the program scan my drive?

- by Macgrimm

Howdy all Super Users" I humbly ask if any Super User can direct this long time, gray haired Apple Tech in the right direction on this issue. I believe there probably are many ways to skin this cat. But I am looking to find simply the best, most unattended way to get it done. Any help will be greatly appreciated. also (I know there are much better softwares out there for the Mac so please don't go there! The politics of this company dictate which Anti virus we have to use) anyway without any further wait: basically I am trying to automate 2 very important functions of Mc'Afee anti-virus for Mac. First I want to automate the process of retrieving new virus definition files, and second I want to automate the process of scanning for viruses. It turns out that Using Mc'Afee Anti-Virus for the Mac are both manual functions. And they left up to the user (per user account) to perform. Depending on all of about 150 MAc users to perform these 2 tasks themselves is around 65% compliance. My question then is: If I wanted to use the command line such as (open /Applications/McAfee\ Security.app) It will open up the Security Console. But how can I make command Mc'Afee go out and grab the definition files and scan the computer? I have to admit I am at a crossroad and Macaltimers has set in. I would really appreciate it if any of you "Super ~ Users" can help me out with this MacAltimers loss of how to what to do. Thanks to All up Front Macgrimm

Read the article
Windows updates behind a physical firewall with only IP based rules and generic outbound connections are turned off

- by user125245

I have some boxes that I do not want to allow any in or outbound traffic to the internet Except for windows updates. However the fire wall in place (Cisco ASA) apparently only supports ip based rules. As best I can tell access to Microsoft updates via anything other then the half dozen URL masks the Microsoft lists as needed does not appear possible. I have kicked around building a full WSUS that I would then manually copy the update files to so that no direct Microsoft access is needed but this sounds very top heavy for the very few boxes involved. I have also kicked around manual updates all around but am not certain how to be conveniently and confidently sure that the correct updates are being applied in the correct order. Any ideas from any direction would be appreciated. I want this as simple / cost effective as possible but have very little flexibility on the only absolutely required internet access policy.

Read the article
How to remove IE toolbar and menu bar

- by Metallikanz

We have a asp.net web application which will be used in an intranet environment on IE 6. We want to change the default configuration of the browser so that it's always rendered without the Tool Bars, Menu Bars and Address Bar, just the browser window frame and the status bar should be present. We were looking at the IEAK toolkit for IE6 but it doesn't seem to have the option of turning all this off though you can turn off certain menus and toolbar options. Any ideas of how this can be done, is there a group policy setting or something that we can utilize here to get this done? Thanks for your help.

Read the article
Disqus cache of unposted posts

- by user129107

Some webpages implement Disqus and also have the rather bad policy of adding auto refresh to the page. This result in for example one writing a long answer in a debate and then a refresh comes along – and everything is gone. Is the comments, written, but not posted, cached somewhere? Is it possible to retrieve? I have experienced this on various pages. In the current case the debate page was reloaded and a rather lengthy post with a lot of references and long thought out sentences vanished. This page closes the debate during night time, and do a auto refresh of the page when one pass midnight – as such I'm not able to retrieve the debate for another 8 hours. Other pages implement for example an auto refresh after 20 minutes. Linux, Google Chrome.

Read the article
Windows Task Scheduler won't let me uncheck "Wake the computer" option for a backup task

- by KdawgUD

I have a problem with my windows 7 laptop automatically waking after I put it to sleep and then I find it later with the battery drained. I tracked down the culprit using the "powercfg -lastwake" command to be a Backup task in the "Windows Server" section of the task scheduler. I have tried unchecking the "Wake the computer to run this task" checkbox for this task, but after I do this and reboot, the box is always rechecked again. How can I make this setting persist? I have full admin rights to this laptop, but it is on a domain. Edit: I looked into the domain policy settings as suggested by Dave below and did not find any policies related to scheduled task settings. Any other ideas?

Read the article
SFTP not working, but SSH is

- by Dan

I've had a server running CentOS for a few months now. A few days ago, I stopped being able to connect to it over SFTP. I've tried from multiple computers, OSes, clients, and internet connections. I can SSH in just fine, though. For example, Nautilus gives me this: Error: DBus error org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. Please select another viewer and try again. I was under the impression that SFTP was just pure SSH, and if one worked, the other would, and vice-versa. Clearly that's not the case, though. What could I have done wrong?

Read the article
'Unlimited' free trial of Windows Server 2008 by deleting and reinstalling VM? [closed]

- by MrVimes

I am using Virtual Machine software (VirtualBox) to learn Windows Server 2008 R2 Network Infrastructure (70-642). Trouble is - I'm learning at an extremely slow pace and so the trial periods of my virtual machines are close to running out. If I delete the VMs then install WS2008R2 from scratch on new VMs is that violating the acceptable use policy of Microsoft? I am aware that I can extend the trial, but it seems I can only do that by 10 days at a time. Also I think having to re-install from scratch is a good way to reinforce the knowledge.

Read the article
User account restriction error and unable to access share

- by user44394

I have a windows share with full control granted to individual domain user accounts on the share and security permission. Whenever the user attempts to browse to the share they receive the error: Logon failure user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced. If the users are added to the administrators group on this machine they are able to browse the share without issue. What do I need to change to allow them access to the share without being administrators on that machine?

Read the article
Domain Key Entries

- by natediggs

More BIND DNS questions. OK, my changes the the zone files are no propagating out. Now I'm having a problem with the domain key entries I'm trying to create. I'm starting by trying to set the domain key policy. To do so I added the following entry to my zone file (actual domain XXX'd out). Based on everything I've read this is properly formatted and should work. When I try to verify the DNS entry for our domain it doesn't how up. _domainkey.XXXX.com TXT "t=y; o=~;" Is there something I'm missing? Nate

Read the article
Minimum rights to access the whole Users directory on another computer

- by philipthegreat

What is the minimum rights required to access the Users directory on another computer via an admin share? I have a batch file that writes some information to a few other computers using a path of \\%COMPUTERNAME%\c$\Users\%USERNAME%\AppData\Roaming. The batch files run under an unprivileged user (part of Domain Users only). How do I set appropriate rights so that service account can access the AppData\Roaming folder for every user on another computer? I'd like to give rights lower than Local Admin, which I know will work. Things I've attempted: As Domain Admin, attempted to give Modify rights to the C:\Users\ directory on the local computer. Error: Access Denied. Set the service account as Local Admin on the other computer. This works, but is against IT policy where I work. I'd like to accomplish this with rights lower than Local Admin. Any suggestions?

Read the article
Windows Home Server restore causes computer to be removed from the domain?

- by unknown (google)

I restored my Dell M4400 that is a company laptop, and now I get an error when I try to log on and am connected to our corporate network, which says that the domain controller could not be found or that the computer is not part of the domain. Everyone else can log on, so it seems my computer is no longer part of the domain, even though it thinks it is per the settings. One thing of note: my computer crashed on 1/14/10, but I restored from a backup that was made on 12/20/09. So I am not sure if that made a difference? Also, I tried running "gpupdate" to update my group policy, but that did not seem to help. Any ideas? Seems like a bit of a flaw in the backup system for computers that are part of a domain. I guess I wanted to hear from someone with more knowledge about how a computer is recognized as part of a domain to know if this should be expected when doing a restore or if I should file a trouble ticket.

Read the article
TPM had to be reintialized: Does a new recovery password have to be uploaded to AD?

- by MDMoore313

Some way some how, a user's machine couldn't get read the bitlocker password off of the TPM chip, and I had to enter the recovery key (stored in AD) to get in. No big deal, but once in the machine, I tried to suspend bitlocker per recovery documentation, and got an error message about the TPM not being initialized. I knew the TPM was on and activated in the BIOS, but Windows still made me reinitialize the TPM chip, and in the process it created a new TPM owner password. I found that odd because it prompted me to save this password or print it (there wasn't an option not to), but it made no reference of a recovery password, nor did it back this password up to AD. After the user took her laptop and left I started thinking that if the TPM password change, does the recovery password change also? If so, that new recovery password will need to be uploaded to AD, but MS' documentation doesn't make that clear, and doesn't back up the new recovery key (if one exists) to AD automatically when the group policy says it must, and from a network standpoint AD is accessible.

Read the article
IPSec VPN IP addresses

- by Randomblue

I have an IPSec VPN on my Windows 7 machine (all using the native Windows 7 gateway). The host I am connecting to has different ISAKMP "Phase 1" and "Phase 2" IP addresses. As I understand, the Phase 1 address is that of the IPsec endpoint, to which I can connect just fine. The Phase 2 address is found in their "crypto map", and the addresses need to match. At the moment, both my Phase 1 and Phase 2 addresses are configured the same. On my side, I get the error "Error 791: The L2TP connection attempt failed because security policy for the connection was not found" How can I configure the Phase 2 IP address for my Windows 7 IPSec VPN to be different to the IPSec endpoint address?

Read the article
How do you do the offsite hard drive backups?

- by kentchen

I have been doing hard drive backups for a while, which I believe a lot of you guys do as well, but am having trouble figuring out a better way storing them offsite. I am wondering how you guys out there do that. Any policy or tips & tricks when it comes to offsite store your backups, mainly hard drives not tapes. Thanks in advance. [update] Thanks for mentioning the online backup. We are actually in the middle of this process. And I 100% agree that it's the ultimate way to go. However, considering the cost, sometimes it may not be the option, as it's a quite expensive option if you also consider the application level. I guess online backup can be a very good one in the separate topic. :)

Read the article
Ideal permissions scheme for multiple Apache/PHP sites...

- by Omega

I'm hosting multiple sites from one server where each site has it's own user and www directory in their home dir. Currently our web server runs as user nobody(99). We're noticing that to run several popular scripts and engines, they require write access to their own files. As the home directory is owned by the user, not nobody(99), what is the best policy or change in hosting configuration that would: ...make it so that all the various engines and platforms work? ...still allow us to work with files and edit them without having to diddle with permissions as root? Thanks for the advice!

Read the article
Run 2008 R2 Service under 2000 Domain Account

- by NoDisassemble

I'm trying to get a service to run under a domain account. When I try to add the account, I get the error The account name is invalid or does not exist, or the password is invalid for the account name specified I know the account exists and the password is correct. I am also having trouble adding it manually to the "Log on as a service" setting, I get the error An extended error has occured. Failed to save Local Policy Database After a day of research I'm starting to suspect it has to do with it being a 2008 R2 server trying to use a 2000 domain account. I've tried to change the LAN Manager authentication level and the Minimum session security looks okay per my Google digging. I'm not sure what else I can do?

Read the article

< Previous Page | 84 85 86 87 88 89 90 91 92 93 94 95 | Next Page >